Data breaches in recent years have become far too common due to a higher level of capability by hackers to access systems and companies falling asleep at the security wheel. It is obvious that C-level executives as well as their Boards are oblivious to the massive data breaches at various firms. One would think that all firms would reassess and add stronger redundancies to their security infrastructures , but obviously this is not always the case as we have seen at Equifax. I would suspect or at least hope that they are tripling down on a focus on data security at this point.
However, the critical point that I believe most if not everyone is overlooking is that personal identification information has been revealed to whomever on a beyond massive scale. This information is basically static information that will never change for individuals so the damage is out there in perpetuity. Closing up the security gaps at Equifax is good for that company, but of marginal value for any holder of credit as all the keys to opening up bogus lines of credit are out there for the taking.
The only solution to preventing perhaps massive amounts of identity fraud occurring and severely impacting mega millions of consumers is to position identifying data points such as names, addresses, SSNs and the like to not be the absolute final identification factors. There is an urgent need at this point in time for a form of additional authentication that best assures that a person is indeed who they claim to be versus someone merely presenting identifier data which now is exposed to the world.
There are a number of ways that this can be implemented and the company which leads the charge will reap considerable rewards. In the interim, I would hope that all issuers of any type of credit device will take some form of interim procedures to better assure that all applicants for new credit are who they claim to be. Perhaps stopgap measures could include something as simple as contacting the applicant via USMail to their address of record and/or a phone call to their registered phone contact prior to finalizing any new credit. Sorry to say that I suspect issuers of credit will not take any actions and thus will show little regard to innocent consumers who will become victims of identity fraud/theft.
It will not happen, but I believe that Federal Laws need to be put in place that if any firm issues credit erroneously due to falsification of presented identifying information, the credit issuer assumes all responsibility immediately once the fraud is revealed. Putting consumers through financial hell for weeks, months and in some cases years while they pursue the complicated process of removing the fraudulent credit from their file is simply egregious.
The Equifax data breach may well cause credit fraud hell for many, many years into the future – unless the credit industry takes immediate steps to update credit checks and issuance for the realities of the 21st Century.
Equifax has a great opportunity to take the lead on this and actually benefit longer term. Opportunities such as this do not come along very often.